On Aug 2, 2010, at 4:19 PM, Paul Wouters wrote:
...Of course, TLS hasn't been successful in the sense that we care about
most. TLS has had no impact on how users authenticate (we still send
usernames and passwords) to servers, and the way TLS authenticates
servers to users turns out to be very
On Tue, 3 Aug 2010 17:49:00 +0200 Eugen Leitl wrote:
> Encryption is cheap enough (especially if you cache keys from
> previous sessions). Why not encrypt everything?
I'm not sure it is actually cheap enough in all cases. Imagine the
state explosion problem that DNS root servers would face, for
e
On Mon, Aug 02, 2010 at 03:46:24PM -0500, Nicolas Williams wrote:
> > "The default mode for any internet communication is encrypted"
>
> That's... extreme. There are many things that will not be encrypted,
Extreme? I don't see why my ISP should be able to inspect and monetize
my data stream.
>
On Aug 2, 2010, at 1:25 PM, Nicolas Williams wrote:
On Mon, Aug 02, 2010 at 12:32:23PM -0400, Perry E. Metzger wrote:
Looking forward, the "there should be one mode, and it should be
secure" philosophy would claim that there should be no insecure
mode for a protocol. Of course, virtually all pr
On Mon, 2 Aug 2010 16:19:38 -0400 (EDT) Paul Wouters wrote:
> [Speaking here about DNSSEC...]
> Yes, but in some the API is pretty much done. If you trust your
> (local) resolver, the one bit is the only thing you need to check.
> You let the resolver do most of the bootstrap crypto. Once you have
On Mon, Aug 02, 2010 at 04:19:38PM -0400, Paul Wouters wrote:
> On Mon, 2 Aug 2010, Nicolas Williams wrote:
> >How should we measure success?
>
> "The default mode for any internet communication is encrypted"
That's... extreme. There are many things that will not be encrypted,
starting with the
On Mon, 2 Aug 2010, Nicolas Williams wrote:
If that was a major issue, then SSL would have been much more successful
than it has been.
How should we measure success?
"The default mode for any internet communication is encrypted"
By that measure TLS has been so much more successful than IPs
On Mon, Aug 02, 2010 at 01:05:53PM -0400, Paul Wouters wrote:
> On Mon, 2 Aug 2010, Perry E. Metzger wrote:
>
> >For example, in the internet space, we have http, smtp, imap and other
> >protocols in both plain and ssl flavors. (IPSec was originally
> >intended to mitigate this by providing a comm
On Mon, Aug 02, 2010 at 12:32:23PM -0400, Perry E. Metzger wrote:
> Looking forward, the "there should be one mode, and it should be
> secure" philosophy would claim that there should be no insecure
> mode for a protocol. Of course, virtually all protocols we use right
> now had their origins in th
On Mon, 2 Aug 2010 12:45:46 -0400 John Kemp wrote:
> On Aug 2, 2010, at 11:08 AM, Perry E. Metzger wrote:
>
> > On Mon, 2 Aug 2010 11:02:54 -0400 Bill Squier wrote:
> >> "...In his presentation at the Black Hat Conference, German GSM
> >> expert Karsten Nohl presented a tool he calls Kraken,
On Mon, 2 Aug 2010, Perry E. Metzger wrote:
For example, in the internet space, we have http, smtp, imap and other
protocols in both plain and ssl flavors. (IPSec was originally
intended to mitigate this by providing a common security layer for
everything, but it failed, for many reasons. Nico m
On Aug 2, 2010, at 11:08 AM, Perry E. Metzger wrote:
> On Mon, 2 Aug 2010 11:02:54 -0400 Bill Squier wrote:
>> "...In his presentation at the Black Hat Conference, German GSM
>> expert Karsten Nohl presented a tool he calls Kraken, which he
>> claims can crack the A5/1 encryption used for cell
On Mon, 2 Aug 2010 12:12:25 -0400 Adam Fields wrote:
>
> Apropos the theses thread, this article contains mention of an
> interesting security "feature":
>
> 'Although the GSM specifications say that a phone should pop up a
> warning when it connects to a station that does not have encryption,
>
On Mon, Aug 02, 2010 at 04:55:04PM +0100, Adrian Hayter wrote:
> In a related story, hacker Chris Paget created his own cell-phone base
> station that turned off encryption on all devices connecting to it. The
> station then routes the calls through VoIP.
>
> http://www.wired.com/threatlevel/201
In a related story, hacker Chris Paget created his own cell-phone base station
that turned off encryption on all devices connecting to it. The station then
routes the calls through VoIP.
http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/
-Adrian
On 2 Aug 2010, at 16:02, Bi
On Mon, 2010-08-02 at 11:02 -0400, Bill Squier wrote:
> "...In his presentation at the Black Hat Conference, German GSM expert
> Karsten Nohl presented a tool he calls Kraken, which he claims can crack the
> A5/1 encryption used for cell phone calls within seconds."
>
> http://www.h-online.com/s
On Mon, 2 Aug 2010 11:02:54 -0400 Bill Squier wrote:
> "...In his presentation at the Black Hat Conference, German GSM
> expert Karsten Nohl presented a tool he calls Kraken, which he
> claims can crack the A5/1 encryption used for cell phone calls
> within seconds."
>
> http://www.h-online.com/se
"...In his presentation at the Black Hat Conference, German GSM expert Karsten
Nohl presented a tool he calls Kraken, which he claims can crack the A5/1
encryption used for cell phone calls within seconds."
http://www.h-online.com/security/news/item/Quickly-decrypting-cell-phone-calls-1048850.ht
18 matches